Solved: Re: ISE Posture - No Policy Server Detected - Page 2

SecurityJumbo · ‎06-24-2023

Hello guys,

I'm deploying the ISE posture policy and I run into the AnyConnect Posture return "No Policy Server Detected" as shown below.

The switch and machine are able to reach to the ISE ip and dns name.

I created the ISEPostureCFG.xml file and save it at "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\ISE Posture\"

The ISE AnyConnect Profile

I configured the Client Provisioning, Policy Element, Posture Policy and Policy Set.

Maybe there is a config missing or incorrect, not sure where I start to troubleshoot. Please assist me on this issue.

Aref Alsouqi · ‎06-28-2023

How many ISE nodes do you have? and does the endpoint use any proxy for web traffic?

SecurityJumbo · ‎06-29-2023

Hey guys, it is only one ISE and direct connection, No Proxy.

No upstream firewall or ACL. No custom portal setting. Using the default one. I will try to change the setting and see if that helps

SecurityJumbo · ‎06-30-2023

Okay, I knew it there is something in the switch. I used another switch and the URL redirecting works fine.

Aref Alsouqi · ‎07-02-2023

In that case I would compare the aaa config on both switches, including the redirect ACL, as well as the ensuring the http server is enabled on the switch. If you want to keep the http server enabled on the switch but denying any access to the switch http portal then you can use the following command:

ip http active-session-modules none